{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T00:46:31.185","vulnerabilities":[{"cve":{"id":"CVE-2024-28245","sourceIdentifier":"security-advisories@github.com","published":"2024-03-25T20:15:08.370","lastModified":"2026-06-17T07:21:15.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability."},{"lang":"es","value":"KaTeX es una librería de JavaScript para la representación matemática de TeX en la web. Los usuarios de KaTeX que representan expresiones matemáticas que no son de confianza podrían encontrar entradas maliciosas utilizando `\\includegraphics` que ejecuta JavaScript arbitrario o generar HTML no válido. Actualice a KaTeX v0.16.10 para eliminar esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"KaTeX","product":"KaTeX","versions":[{"version":">= 0.11.0, < 0.6.10","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"katex","product":"katex","defaultStatus":"unknown","cpes":["cpe:2.3:a:katex:katex:0.11.0:*:*:*:*:*:*:*"],"versions":[{"version":"0.11.0","lessThan":"0.16.10","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-26T19:26:52.258854Z","id":"CVE-2024-28245","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:katex:katex:*:*:*:*:*:*:*:*","versionStartIncluding":"0.11.0","versionEndExcluding":"0.16.10","matchCriteriaId":"DA0C907C-7C4C-43B3-ACDB-90853F3EA62F"}]}]}],"references":[{"url":"https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}